The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla network security services |
||
canonical ubuntu linux 11.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |
||
oracle glassfish server 2.1.1 |
||
oracle iplanet web proxy server 4.0 |
||
oracle traffic director 11.1.1.7.0 |
||
oracle iplanet web server 7.0 |
||
oracle vm server 3.2 |
||
oracle glassfish communications server 2.0 |
||
oracle enterprise manager ops center 12.1 |
||
oracle enterprise manager ops center 12.2 |
||
oracle iplanet web server 6.1 |
||
oracle enterprise manager ops center 11.1 |
||
oracle opensso 3.0-03 |
||
oracle traffic director 11.1.1.6.0 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server aus 5.9 |
||
redhat enterprise linux eus 5.9 |